Facebook icon Twitter icon Instagram icon LinkedIn icon Close icon Home icon

DATA PROTECTION MEMORANDUM

CANDIDATES

From: (A) If you’re applying for a job listed at http://www.rockawaycapital.com/en/get-job/, the data controller is the company to which the job offer relates.

(B) If you’re applying to participate in Rockaway Academy at https://academy.rockawaycapital.com/, the data controller is ROC services, s.r.o., ID No.: 241 53 273 (“ROC”).

(C) If neither (A) nor (B) above applies to you, the data controller is ROC.

(Any such relevant company mentioned above will, for the purposes of this Memo, be referred to as the “Company” or simply as “we”.)
To:You, as data subject
Version:1.2

Dearest candidate,

We recognize the fact that your personal data belong to you and no one else. Therefore, we consider it our highest priority to keep you well informed about how we treat your personal information. This data protection memorandum (“Memo”) is intended to give you a full overview of how we process your personal data (a) from the moment you start participating in a recruitment process concerning a certain open position with us all the way till the end of the recruitment process, and (b) even beyond the scope of a particular recruitment process, if you’ve allowed us stay in touch with you. This Memo applies to you no matter if such recruitment process is related to a regular job or an internship with us, and for the sake of simplicity we’ll just call whatever you’re applying for a ‘job’.1

1. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?

The organization which decides how your personal data should be processed and is responsible for ensuring that your privacy rights are always respected (the so-called data controller) is the Company. Please see section 8 below to read about how you can contact the Company.

2. WHY DO WE PROCESS YOUR DATA AND WHAT ALLOWS US TO DO SO?

We process the following categories of personal data relating to you starting from the moment you join the recruitment process concerning an open position with us:

Category of Personal DataDescription
Identification DetailsThis includes in particular your name, date of birth, and photographs which you might send us e.g. as part of your CV.
Contact DetailsThis includes in particular your contact address, phone number and e-mail address.
Professional DetailsThis includes in particular details about your education (both official and by means of training courses and similar), relevant skills, prior work or other relevant experience, CVs, motivational letters and employer references.
Assessment DetailsThis includes in particular all data we note down about your fitness for the position applied for, your performance at interviews, assessment centers and tests, and your cover letter sent as part of your on-line application via the form at http://www.rockawaycapital.com/en/get-job/ or otherwise (if applicable).

3. WHY DO WE PROCESS YOUR DATA AND WHAT ALLOWS US TO DO SO?

Broadly speaking, we use your information in two ways. First, if you apply for a position with us, we keep it to be able to perform the applicable recruitment process and evaluate if we’ll get along. Second, regardless of whether you’re partaking in a recruitment process or not, we might use your information to get in touch with interesting job openings – with your consent. The following lists all purposes and legal bases for our processing activities.

3.1 During a Recruitment Process

If you take part in the recruitment process pertaining to an open position at our Company, we’ll have to process the following categories of personal data relating to you for the purposes and on the legal basis stated below:

Category of Personal DataPurpose of ProcessingPurpose Description
Identification DetailsPerformance of Recruitment ProcessWe use this information to be able to carry out the recruitment process with you, which inherently includes appropriate candidate assessment. In particular, collecting this personal data enables us to invite you to interviews, communicate with you about your results and other things related and determine whether or not we’re going to be the right fit for each other professionally.
Contact Details
Professional Details
Assessment Details

* The purposes of processing indicated in the column ‘Purpose of Processing’ should rather be understood as categories of processing purposes, whereas the details of the individual processes are described in the column ‘Full Purpose Description’. The names of categories of processing purposes are used throughout this Memo as shortcuts so we don’t have to write out each individual processing purpose repeatedly.

We are allowed to process the personal data in the manner described because it’s a necessary measure towards reaching an agreement between you and us (e.g. an employment or other cooperation contract).

3.2 Outside of the Recruitment Process

If you choose to grant ROC your consent, ROCas well as some other companies disclosed below will be able to process some of your personal data even outside of a specific recruitment process to be able to keep you in their candidate databases and send you relevant offers of jobs with them. Whether or not you choose to give us such consent has no effect on our evaluation of your performance during any recruitment process.

Category of Personal DataPurpose of ProcessingPurpose Description
Identification Details>Job Offers With your prior consent, ROC will have the option to (a) store this personal data in its candidate database in order to be able to contact you with relevant job offers later on and (b) to provide such data to the companies stated under section 4.1 below for the purposes of maintaining a candidate database and contacting you with relevant job offers, and (c) ROC and the other companies stated under section 4.1 below will be permitted to contact you with relevant offers of jobs with them for 3 years.
Contact Details
Professional Details

Please note that even if you give us your consent with respect to the processing described above, you may withdraw it at any time in the manner described in section 8 below or as otherwise allowed by us in the specific case. Withdrawing your consent doesn’t affect the lawfulness of processing based on such consent before you withdrew it.

Legalese Note Regarding Proactive Queries by Candidates:

Please beware that in a scenario where you would proactively contact ROC and request that ROC inform you of job opportunities in the future, under the applicable laws the most appropriate legal ground for processing of your personal data for such purposes may not be your consent as envisaged above, but rather the need of such processing for the performance of the ‘watchdog’ service by ROC in your favor (i.e. the performance of contract). That said, the reason ROC asks for your consent even in the foregoing scenario is a purely practical one: Any grant of consent is automatically recorded in ROC’s IT system and a three-year countdown begins at the same moment. Upon the lapse of that countdown, all your data is automatically erased. Moreover, if you give ROC data based on your consent, you can always use the same consent form to erase that data without any input on ROC’s part. ROC pledges that whenever it claims to process your personal information for a certain purpose based on your consent and an alternative legal ground exists for such processing, it will not carry on with such processing based on that alternative legal ground after your consent has expired or been withdrawn.

4. WHO ELSE HAS ACCESS TO YOUR DATA?

Whenever necessary for the attainment of the processing purposes described in section 3 above, we might have to share some of your personal data with the following types of recipients:

4.1 Potential Employers

If you’ve given ROC your consent to processing for the purposes of Job Offers (see section 3.2 above), the following companies may, in addition to ROC, have access to the relevant groups of data relating to you and assume the role of a data controller towards you:

as well as

4.2 Other Persons and Organizations with Access

Alongside the companies mentioned above, it is inevitable that the following types of persons and organizations will, to some extent, have access to your data:

To the extent any of the foregoing recipients process your data outside of the European Economic Area, we ensure that adequate protection is safeguarded contractually using the model clauses issued by the European Commission or otherwise.

5. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

Unless your data is erased prematurely (e.g. because you’ve withdrawn your consent with its processing), this is how long we store your personal data:

(a) By Default

Unless you choose to give us your consent with processing for the purposes of Job Offers (see section 3.2 above) or start working with us, we will normally erase your personal data within 1 month from the end of the recruitment process or the expiry of any other reason why you gave us your personal information. Please beware, however, that we may also retain your data for as much as 15 years if for whatever reason we need them to defend our rights in court or otherwise.

(b) With Your Prior Consent

If you choose to give us your consent with processing for the purposes of Job Offers (see section 3.2 above), we and any further companies who have received your data for the purposes of Job Offers will erase the relevant personal data after 3 years from the date of your consent (or, if applicable, renewed consent).

6. WHERE DO WE GET YOUR PERSONAL DATA?

We get your Identification Details, Contact Details and Professional Details mostly from yourself, but occasionally also from professional networking websites (e.g. LinkedIn), recruitment agencies and websites (e.g. Human Capital Advisory Group, Grafton Recruitment, COCUMA, Jobs.cz, executivejob.cz, Techloop.io, AirJobs.cz, and similar), as well as persons who know you and put in a good word for you. We either derive your Assessment Details from your performance at interviews, tests and assessment centers, or obtain them from persons or organizations who hold tests or assessment centers on our behalf.

7. WHAT RIGHTS DO YOU HAVE IN RELATION TO YOUR PERSONAL DATA?

As the sole proprietor of your personal data, you have multiple rights which you can use to maintain or regain full control of them whenever you deem fit:

7.1 Right to Access

You have the right to know all there is to know about how we process your personal data as well as your rights connected with such processing. While this Memo should answer most of your questions already, you may at any time ask us for confirmation as to whether or not we process (certain) personal data concerning you – if indeed we do, you are entitled to full information about such processing activity. The right to access includes the option to request a copy of all personal data concerning you which we process; we’ll give you the first copy for free and only charge you a fee for any further copies.

7.2 Right to Access

We all make mistakes sometimes. Should you ever notice that some of the personal data concerning you and processed by us is inaccurate or incomplete, you have the right to demand that we correct or supplement it without undue delay.

7.3 Right to Be Forgotten

In some cases you have the right to demand that we erase your personal data. We are obliged to do so if:

7.4 Right to Restriction of Processing

In some circumstances you may have the right to demand that we limit the processing of your personal data (other than erase it altogether). This means that we will have to set your data aside and stop processing it for the time being, but not forever (that would be where the right to erasure comes in). We are obligated to restrict processing:

7.5 Right to Data Portability

You have the right to obtain all such personal data concerning you and collected or otherwise processed by us based on your consent. If you invoke this right, we will be obliged to provide you all such data in a structured, commonly used and machine-readable format (XLS, PDF or similar). Your data portability right only applies to data which we process automatically.

7.6 Right to Object

You may object to any processing performed based on our legitimate interests. If the processing at issue is conducted for direct marketing purposes, we’ll stop the processing activity immediately; in other instances we’ll first investigate the merits of your objection and cancel the processing if we find that we have no substantial legitimate interests to continue with the processing activity.

7.7 Right to Lodge a Complaint

Regardless of any other rights you might invoke, you may always file a complaint with the competent supervisory authority. This is especially so if you feel that your personal data is being processed unlawfully. Should you wish to lodge a complaint against processing performed by us, the competent authority would be the Czech Office for Personal Data Protection (Úřad pro ochranu osobních údajů) located at Pplk. Sochora 27, 170 00 Prague 7, Czech Republic.

8. WHERE AND HOW DO I INVOKE MY RIGHTS?

If you have a question about our data protection policy or your rights under it, wish to exercise any of your rights under section 7, want to withdraw your consent with the processing of personal data or simply need to get in touch in a related matter, please write us an e-mail at privacy@rocservices.com (ROC will then forward your query to the relevant data controller if ROC itself is not it).

We’ll do our best to deal with your query as fast as we can, but in any event within one month. Since we’re no automated tech-giant, please understand that some of the more complicated queries might exceptionally take us up to two more months to sort out – but we’ll obviously let you know if this happens to be the case.

Please note that we may only advise you on your rights to the extent required of us by the applicable data protection laws. We highly encourage you to seek independent legal advice should you have any questions beyond that scope.

1Legalese Notice: Legalese Notice: This Memo should be understood as the Company providing you information related to data processing as data controller within the meaning of Arts. 13 and 14 of the EU General Data Protection Regulation (“GDPR”).